我想知道如何将进程名称 root 更改为另一个?
使用以下命令时:
ps aux | grep keepalived
root 26982 0.0 0.0 19344 1560 ? Ss 11:52 0:00 /usr/local/keepalived-2.0.16/sbin/keepalived -D
root 26983 0.0 0.1 19344 2404 ? S 11:52 0:02 /usr/local/keepalived-2.0.16/sbin/keepalived -D
root 30816 0.0 0.0 9288 1628 pts/1 S+ 13:49 0:00 grep --color=auto keepalived
keepalived 按预期工作,处理虚拟 IP 和故障转移。
但我想将 root 更改为用户名:keepalived
我的环境:
- Linux 发行版:SUSE SLES 12 SP4
- Linux内核:4.12.14-95.13
- Unix 守护进程:systemd
- keepalived 版本:
- 1.4.5(使用 zypper 从https://software.opensuse.org/package/keepalived)
- 另外,尝试从源代码进行安装
- 按照安装步骤https://www.keepalived.org/doc/installing_keepalived.html#build-and-install
- 1.4.5(来自https://www.keepalived.org/download.html)
- 2.0.16(来自https://www.keepalived.org/download.html)
(由于https://www.keepalived.org/index.html说:”git master 分支中存在的 Keepalived 代码必须被视为稳定且面向未来的。“,
和https://www.keepalived.org/manpage.html只显示一个版本(是2.0.16吗?)文档,我选择2.0.16进行讨论)
(以下信息是2.0.16版本,以root身份运行命令,但我在1.4.5中也看到类似的错误)
我如何安装keepalived:
wget http://keepalived.org/software/keepalived-2.0.16.tar.gz
tar -xvf keepalived-2.0.16.tar.gz
cd keepalived-2.0.16/
zypper in gcc
zypper in openssl-devel
./configure --prefix=/usr/local/keepalived-2.0.16
make
sudo make install
设置 keepalived.conf
vi /etc/keepalived/keepalived.conf
! Configuration File for keepalived
global_defs {
script_user keepalived
enable_script_security
}
# Script used to check if nginx is running
vrrp_script check_nginx {
script "/etc/keepalived/check_nginx.sh"
interval 2
weight 2
}
# Virtual interface
# The priority specifies the order in which the assigned interface to take over in a failover
vrrp_instance VI_1 {
state MASTER
interface eth0
virtual_router_id 51
priority 150
advert_int 1
authentication {
auth_type PASS
auth_pass pass
}
# The virtual ip address shared between the two loadbalancers
virtual_ipaddress { # Block limited to 20 IP addresses
192.168.2.179
}
track_script {
check_nginx
}
}
我已经尝试过:
- cp /usr/lib/systemd/system/keeplaived.service 到 /etc/systemd/system/keepalived.service 并添加用户标签
User=keepalived
Group=users
但是 keepalived 不再工作,keepalived 停止了。
- 更改 /etc/systemd/system/keepalived.service 中的目录和权限
#PIDFile=/var/run/keepalived.pid
ExecStart=/usr/local/keepalived-2.0.16/sbin/keepalived $KEEPALIVED_OPTIONS -p /etc/keepalived/keepalived.pid -r /etc/keepalived/vrrp.pid -c /etc/keepalived/keepalived_checkers.pid
useradd -M -s /bin/nologin -d /opt/keepalived keepalived
chown -R keepalived:users /etc/keepalived/
这时候keepalived开始工作
keepali+ 26289 0.0 0.0 19344 1628 ? Ss 11:34 0:00 /usr/local/keepalived-2.0.16/sbin/keepalived -D -p /etc/keepalived/keepalived.pid -r /etc/keepalived/vrrp.pid -c /etc/keepalived/keepalived_checkers.pid
keepali+ 26290 0.0 0.1 19344 2456 ? S 11:34 0:00 /usr/local/keepalived-2.0.16/sbin/keepalived -D -p /etc/keepalived/keepalived.pid -r /etc/keepalived/vrrp.pid -c /etc/keepalived/keepalived_checkers.pid
root 26323 0.0 0.0 9288 1628 pts/1 S+ 11:35 0:00 grep --color=auto keepalived
但是在 systemctl status keepalived 和 journalctl -xe 中出现以下错误
-- Unit keepalived.service has begun starting up.
Keepalived[10409]: Starting Keepalived v2.0.16 (05/03,2019), git commit v2.0.15-96-g4d492740+
Keepalived[10409]: Running on Linux 4.12.14-95.13-default #1 SMP Fri Mar 22 06:04:58 UTC 2019 (c01bf34) (bu
Keepalived[10409]: Command line: '/usr/local/keepalived-2.0.16/sbin/keepalived' '-D' '-p'
Keepalived[10409]: '/etc/keepalived/keepalived.pid' '-r' '/etc/keepalived/vrrp.pid' '-c'
Keepalived[10409]: '/etc/keepalived/keepalived_checkers.pid'
Keepalived[10409]: Opening file '/etc/keepalived/keepalived.conf'.
Keepalived[10409]: Failed to bind to process monitoring socket - errno 1 - Operation not permitted
systemd[1]: Started LVS and VRRP High Availability Monitor.
-- Subject: Unit keepalived.service has finished start-up
-- Defined-By: systemd
-- Support: http://lists.freedesktop.org/mailman/listinfo/systemd-devel
--
-- Unit keepalived.service has finished starting up.
--
-- The start-up result is done.
Keepalived[10409]: Remove a zombie pid file /etc/keepalived/keepalived.pid
Keepalived[10409]: Remove a zombie pid file /etc/keepalived/vrrp.pid
Keepalived[10412]: Starting VRRP child process, pid=10413
Keepalived_vrrp[10413]: Registering Kernel netlink reflector
Keepalived_vrrp[10413]: Registering Kernel netlink command channel
Keepalived_vrrp[10413]: Opening file '/etc/keepalived/keepalived.conf'.
Keepalived_vrrp[10413]: Assigned address 192.168.2.178 for interface eth0
Keepalived_vrrp[10413]: Assigned address fe80::a00:27ff:feef:6ebe for interface eth0
Keepalived_vrrp[10413]: Error 1 while registering gratuitous ARP shared channel
Keepalived_vrrp[10413]: (VI_1) removing VIPs.
Keepalived_vrrp[10413]: Netlink: error: Operation not permitted, type=RTM_DELADDR(21), seq=1557728895, pid=
Keepalived_vrrp[10413]: cant open raw socket. errno=1
Keepalived_vrrp[10413]: (VI_1) Entering BACKUP STATE (init)
Keepalived_vrrp[10413]: VRRP sockpool: [ifindex(2), family(IPv4), proto(112), unicast(0), fd(-1,-1)]
Keepalived_vrrp[10414]: Couldn't setgroups: 100 (Operation not permitted)
Keepalived_vrrp[10413]: VRRP_Script(check_nginx) succeeded
Keepalived_vrrp[10413]: (VI_1) Changing effective priority from 150 to 152
Keepalived_vrrp[10415]: Couldn't setgroups: 100 (Operation not permitted)
(在我的例子中,我使用 keepalived 来故障转移 nginx )另外,我想问
有没有关于 keepalived 的论坛或问答?
安装 keepalived 的更好方法?
- 来自 zypper(包管理器)的 keepalived 1.4.5(目前)?
- keepalived 最新 2.0.16(目前)来自源代码?
我所做的事情或者我的想法是否是错误的或者奇怪的?
答案1
根据 Alexandre Cassen 的回复(我通过电子邮件询问)......
答案很简单,事实上,由于 Keepalived 是在操作系统级别运行的,如果使用权限低于 root 的其他用户运行,它将无法工作。Keepalived 需要打开不同的路由通道和内核系统,而这只能通过 root 级别身份验证来完成(RAW 套接字、netlink 设置通道等)。
快速阅读您在该论坛上的帖子并确认,Keepalived 网站上的最后一个稳定版本必须考虑用于生产。我真的很沮丧,大多数 Linux 发行版仍在发布非常旧的版本。Canonical/Ubuntu 在该主题上取得了进展,我们创建了一个snapcraft.ioKeepalived 的软件包与 Keepalived github 紧密相关。但使用最新发布的版本始终是一种很好的做法,我们确实花了很多时间进行测试和调试以提供最佳软件。
所以,答案是否定的。
并尝试使用最新发布的keepalived。
感谢 Alexandre Cassen。